Syslog
Configure Syslog Log Source with observIQ


Prerequisites
It may be necessary to add an inbound firewall rule.
For Windows:
- Navigate to Windows Firewall Advanced Settings, and then Inbound Rules
- Create a new rule and set the Rule Type to "Port"
- For Protocol and Ports, select "UDP" and a specific local port of 514
- For Action, select "Allow the connection"
- For Profile, apply to "Domain", "Private", and "Public"
- Set a name that easily identifies the rule, such as "Allow Syslog Inbound Connections to 514 UDP"
Configuration
Option | Description |
---|---|
Listen Address | Use this field to verify the Listen Address, a syslog address in the form 'ip:port'. The default is '0.0.0.0:514' |
Connection Type | Choose your syslog connection type: 'udp' or 'tcp' |
Protocol | Choose the protocol of received syslog messages: 'rfc3164' or 'rfc5424' |
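
To confirm that the inbound firewall rule and the options above line up, a test message can be sent to the listen address in each of the two formats. The following is an added example, not observIQ code; the host name, tag, message text and the newline framing used for TCP are assumptions.

```python
import socket
from datetime import datetime, timezone

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

def pri(facility: int, severity: int) -> int:
    """PRI value shared by both formats: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def rfc3164(ts, host, tag, msg, facility=1, severity=6) -> bytes:
    """<PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded, no year or zone)."""
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {msg}".encode()

def rfc5424(ts, host, app, msg, facility=1, severity=6) -> bytes:
    """<PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG ('-' marks an empty field)."""
    head = f"<{pri(facility, severity)}>1 {ts.isoformat()} {host} {app} - - -"
    return f"{head} {msg}".encode()

def send(address: str, connection_type: str, payload: bytes) -> None:
    """Send one message to 'ip:port' using 'udp' or 'tcp'."""
    ip, _, port = address.rpartition(":")
    if connection_type == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (ip, int(port)))
    elif connection_type == "tcp":
        # Assumption: newline-terminated framing for messages sent over TCP.
        with socket.create_connection((ip, int(port)), timeout=5) as s:
            s.sendall(payload + b"\n")
    else:
        raise ValueError("connection type must be 'udp' or 'tcp'")

if __name__ == "__main__":
    # Constructed sample values; replace 127.0.0.1 with the agent host's address.
    now = datetime.now(timezone.utc)
    send("127.0.0.1:514", "udp",
         rfc3164(now, "testhost", "fwcheck", "syslog source test"))
```

Send the format that matches the Protocol option selected for the source, from a host that the firewall rule is expected to admit.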
Log Types
Types |
---|
syslog |
Dashboards
Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.
Advanced
For more information on the advanced configuration capabilities, see our detailed plugin guide here.
Updated 8 months ago